Major Challenges of Systems-of-Systems with Cloud and DevOps – A Financial Experience Report

The term Systems-of-Systems (SoS) refers to a complex system that comprises other systems (the constituent systems), which have operational and managerial independence, geographical distribution, emergent behavior, and evolutionary development processes. DevSecOps (or SecDevOps) offers an approach to guide the implementation of IT Processes, which in turn may support the integration of a cloud environment to a systems-of-systems environment, incorporating information security practices, as well as fostering collaboration between both development and operation teams. It also aims to promote automation of IT processes so that the development of applications and / or services is fast and secure. However, there is a lack of detail in the process definitions to guide the implementation and use of DevSecOps in a Systems-of-Systems environment, especially when it is intended to merge cloud computing into pre-existing conventional infrastructures. In this context, this paper aims at describe the main actions, concerns and lessons learned, during planning and implementation phases, about IT Processes and IT Governance Model to transform an IT traditional environment into Systems-of-Systems environment, considering DevSecOps standards in a large Brazilian financial institution. It will show how IT Processes and IT Governance Model should be changed for incorporating a Cloud environment to a SoS. For doing so, we proposed the use of DevOps techniques as a means to reduce development time without to affect the quality and information security.

[1]  Ricardo Colomo Palacios,et al.  DevSecOps: A Multivocal Literature Review , 2017, SPICE.

[2]  Maya Daneva,et al.  A qualitative study of DevOps usage in practice , 2017, J. Softw. Evol. Process..

[3]  Diana N. Lopez,et al.  Government and management of information technology services based on ISO/IEC 27000, ISO/IEC 20000, ITIL Y COBIT , 2018 .

[4]  Paul Clements,et al.  Software architecture in practice , 1999, SEI series in software engineering.

[5]  Pasi Kuvaja,et al.  Relationship of DevOps to Agile, Lean and Continuous Deployment - A Multivocal Literature Review Study , 2016, PROFES.

[6]  Tomi Männistö,et al.  DevOps Adoption Benefits and Challenges in Practice: A Case Study , 2016, PROFES.

[7]  Tommi Mikkonen,et al.  DevOps in practice: A multiple case study of five companies , 2019, Inf. Softw. Technol..

[8]  Marc J. Dupuis,et al.  A grounded theory analysis of modern web applications: knowledge, skills, and abilities for DevOps , 2013, RIIT '13.

[9]  Johannes Fottner,et al.  Deploying microservices for a cloud-based design of system-of-systems in intralogistics , 2017, 2017 IEEE 15th International Conference on Industrial Informatics (INDIN).

[10]  Rita Suzana Pitangueira Maciel,et al.  A Model Driven Transformation Development Process for Model to Model Transformation , 2016, SBES.

[11]  Jennifer Davis,et al.  Effective DevOps: Building a Culture of Collaboration, Affinity, and Tooling at Scale , 2016 .

[12]  Flávio Oquendo,et al.  Systems-of-systems development: Initiatives, trends, and challenges , 2016, 2016 XLII Latin American Computing Conference (CLEI).

[13]  Pasi Kuvaja,et al.  Dimensions of DevOps , 2015, XP.

[14]  Mark W. Maier,et al.  Architecting Principles for Systems‐of‐Systems , 1996 .

[15]  Guilherme Horta Travassos,et al.  Characterizing DevOps by Hearing Multiple Voices , 2016, SBES '16.

[16]  Lotfi Ben Othmane,et al.  SecDevOps: Is It a Marketing Buzzword? - Mapping Research on Security in DevOps , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[17]  Riccardo Scandariato,et al.  Generative Secure Design, Defined , 2018, 2018 IEEE/ACM 40th International Conference on Software Engineering: New Ideas and Emerging Technologies Results (ICSE-NIER).

[18]  Pooyan Jamshidi,et al.  Microservices Architecture Enables DevOps: Migration to a Cloud-Native Architecture , 2016, IEEE Software.

[19]  Rüdiger Kapitza,et al.  Towards Secure Dynamic Product Lines in the Cloud , 2018, 2018 IEEE/ACM 40th International Conference on Software Engineering: New Ideas and Emerging Technologies Results (ICSE-NIER).